New Shai-Hulud malware wave compromises 600 npm packages
…more than 600 malicious packages to the Node Package Manager (npm) index as part of a new Shai-Hulud supply-chain campaign. Most of the affected packages are in the @antv ecosystem…
Search
Top stories
Chinese hackers use new Atlas RAT malware in European cyberattacks
…Telegram Mini Apps abused for crypto scams, Android malware delivery Over 116,000 Minecraft systems infected in WeedHack malware campaign WordPress malware campaign hides payloads in Steam profiles ChatGPT share links abused…
LastPass confirms data breach in Klue supply chain attack
…The threat actor exfiltrated Customer Relationship Management (CRM) data and launched an extortion campaign. LastPass has disabled employee access to Klue, rotated the exposed API/OAuth tokens, and notified law enforcement while…
Chinese hackers breach REDCap servers, steal medical research
Chinese hackers breach REDCap servers, steal medical research By Bill Toulas June 15, 2026 10:00 AM A China-linked espionage campaign targeted exposed REDCap servers to deploy the InfiniteRed malware and…
GPU mining malware spreads via SEO poisoning, AI chatbots
…the machine by deploying the legitimate remote management ScreenConnect tool, which could later be used to install additional malware. Microsoft researchers discovered the campaign and determined that the attack begins when users…
Shai Hulud attack ships signed malicious TanStack, Mistral npm packages
…The Shai-Hulud campaign emerged last September and had multiple iterations [ 1 , 2 , 3 ], some of them exposing hundreds of thousands of developer secrets in automatically generated GitHub repositories. Among more recently…
Chinese hackers target telcos with new Linux, Windows malware
Chinese hackers target telcos with new Linux, Windows malware By Bill Toulas May 21, 2026 10:00 AM A Chinese cyber-espionage campaign has been targeting telecommunications providers with newly discovered Linux…
FBI warns of Kali365 phishing service targeting Microsoft 365 accounts
…The FBI warns that Kali365 gives even low-skilled attackers access to advanced phishing capabilities, including AI-generated phishing lures, automated campaign templates, real-time victim-tracking dashboards, and token-capture functionality…
Why Account Takeovers Are Rising and How to Stop Them
Why Account Takeovers Are Rising and How to Stop Them Sponsored by Specops Software June 17, 2026 10:00 AM Organizations now manage thousands of human and non-human identities across cloud…
FBI disrupts massive AI-powered phishing service using a million URLs
…The cybercrime operation used AI and distributed phishing kits for campaigns impersonating various trusted brands in texts sent through AT&T, T-Mobile, and Verizon. Outsider Enterprise has been active since at…